ingrees-nginx-controller的 nginx，腾讯T3手把手教你

    tcp_nodelay         on;

    log_subrequest      on;

    reset_timedout_connection on;

    keepalive_timeout  75s;
    keepalive_requests 1000;

    client_body_temp_path           /tmp/nginx/client-body;
    fastcgi_temp_path               /tmp/nginx/fastcgi-temp;
    proxy_temp_path                 /tmp/nginx/proxy-temp;

    client_header_buffer_size       1k;
    client_header_timeout           60s;
    large_client_header_buffers     4 8k;
    client_body_buffer_size         8k;
    client_body_timeout             60s;

    http2_max_concurrent_streams    128;

    types_hash_max_size             2048;
    server_names_hash_max_size      1024;
    server_names_hash_bucket_size   32;
    map_hash_bucket_size            64;

    proxy_headers_hash_max_size     512;
    proxy_headers_hash_bucket_size  64;

    variables_hash_bucket_size      256;
    variables_hash_max_size         2048;

    underscores_in_headers          off;
    ignore_invalid_headers          on;

    limit_req_status                503;
    limit_conn_status               503;

    include /etc/nginx/mime.types;
    default_type text/html;

    # Custom headers for response

    server_tokens off;

    more_clear_headers Server;

    # disable warnings
    uninitialized_variable_warn off;

    # Additional available variables:
    # $namespace
    # $ingress_name
    # $service_name
    # $service_port
    log_format upstreaminfo '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id';

    map $request_uri $loggable {

            default 1;
    }

    access_log /var/log/nginx/access.log upstreaminfo  if=$loggable;

    error_log  /var/log/nginx/error.log notice;

    resolver 10.96.0.10 valid=30s ipv6=off;

    # See https://www.nginx.com/blog/websocket-nginx
    map $http_upgrade $connection_upgrade {
            default          upgrade;

            # See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
            ''               '';

    }

    # Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
    # If no such header is provided, it can provide a random value.
    map $http_x_request_id $req_id {
            default   $http_x_request_id;

            ""        $request_id;

    }

    # Create a variable that contains the literal $ character.
    # This works because the geo module will not resolve variables.
    geo $literal_dollar {
            default "$";
    }

    server_name_in_redirect off;
    port_in_redirect        off;

    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_early_data off;

    # turn on session caching to drastically improve performance

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # allow configuring ssl session tickets
    ssl_session_tickets off;

    # slightly reduce the time-to-first-byte
    ssl_buffer_size 4k;

    # allow configuring custom ssl ciphers
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    ssl_ecdh_curve auto;

    # PEM sha: 151504dfd3f4bc4a4644c3263f8175e262f2feb9
    ssl_certificate     /etc/ingress-controller/ssl/default-fake-certificate.pem;
    ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;

    proxy_ssl_session_reuse on;

    upstream upstream_balancer {
            ### Attention!!!
            #
            # We no longer create "upstream" section for every backend.
            # Backends are handled dynamically using Lua. If you would like to debug
            # and see what backends ingress-nginx has in its memory you can
            # install our kubectl plugin https://kubernetes.github.io/ingress-nginx/kubectl-plugin.
            # Once you have the plugin you can use "kubectl ingress-nginx backends" command to
            # inspect current backends.
            #
            ###

            server 0.0.0.1; # placeholder

            balancer_by_lua_block {
                    balancer.balance()
            }

            keepalive 320;
            keepalive_time 1h;
            keepalive_timeout  60s;
            keepalive_requests 10000;

    }

    # Cache for internal auth checks
    proxy_cache_path /tmp/nginx/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off;

    # Global filters

    ## start server _
    server {
            server_name _ ;

            listen 80 default_server reuseport backlog=511 ;
            listen 443 default_server reuseport backlog=511 ssl http2 ;

            set $proxy_upstream_name "-";

            ssl_reject_handshake off;

            ssl_certificate_by_lua_block {
                    certificate.call()
            }

            location / {

                    set $namespace      "";
                    set $ingress_name   "";
                    set $service_name   "";
                    set $service_port   "";
                    set $location_path  "";
                    set $global_rate_limit_exceeding n;

                    rewrite_by_lua_block {
                            lua_ingress.rewrite({
                                    force_ssl_redirect = false,
                                    ssl_redirect = false,
                                    force_no_ssl_redirect = false,
                                    preserve_trailing_slash = false,
                                    use_port_in_redirects = false,
                                    global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },
                            })
                            balancer.rewrite()
                            plugins.run()
                    }

                    # be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
                    # will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
                    # other authentication method such as basic auth or external auth useless - all requests will be allowed.
                    #access_by_lua_block {
                    #}

                    header_filter_by_lua_block {
                            lua_ingress.header()
                            plugins.run()
                    }

                    body_filter_by_lua_block {
                            plugins.run()
                    }

                    log_by_lua_block {
                            balancer.log()

                            monitor.call()

                            plugins.run()
                    }

                    access_log off;

                    port_in_redirect off;

                    set $balancer_ewma_score -1;
                    set $proxy_upstream_name "upstream-default-backend";
                    set $proxy_host          $proxy_upstream_name;
                    set $pass_access_scheme  $scheme;

                    set $pass_server_port    $server_port;

                    set $best_http_host      $http_host;
                    set $pass_port           $pass_server_port;

                    set $proxy_alternative_upstream_name "";

                    client_max_body_size                    1m;

                    proxy_set_header Host                   $best_http_host;

                    # Pass the extracted client certificate to the backend

                    # Allow websocket connections
                    proxy_set_header                        Upgrade           $http_upgrade;

                    proxy_set_header                        Connection        $connection_upgrade;

                    proxy_set_header X-Request-ID           $req_id;
                    proxy_set_header X-Real-IP              $remote_addr;

                    proxy_set_header X-Forwarded-For        $remote_addr;

                    proxy_set_header X-Forwarded-Host       $best_http_host;
                    proxy_set_header X-Forwarded-Port       $pass_port;
                    proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
                    proxy_set_header X-Forwarded-Scheme     $pass_access_scheme;

                    proxy_set_header X-Scheme               $pass_access_scheme;

                    # Pass the original X-Forwarded-For
                    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

                    # mitigate HTTPoxy Vulnerability
                    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
                    proxy_set_header Proxy                  "";

                    # Custom headers to proxied server

                    proxy_connect_timeout                   10s;
                    proxy_send_timeout                      120s;
                    proxy_read_timeout                      120s;

                    proxy_buffering                         off;
                    proxy_buffer_size                       4k;
                    proxy_buffers                           4 4k;

                    proxy_max_temp_file_size                1024m;

                    proxy_request_buffering                 on;
                    proxy_http_version                      1.1;

                    proxy_cookie_domain                     off;
                    proxy_cookie_path                       off;

                    # In case of errors try the next upstream server before returning an error
                    proxy_next_upstream                     error timeout;
                    proxy_next_upstream_timeout             0;
                    proxy_next_upstream_tries               3;

                    proxy_pass http://upstream_balancer;

                    proxy_redirect                          off;

            }

            # health checks in cloud providers require the use of port 80
            location /healthz {

                    access_log off;
                    return 200;
            }

            # this is required to avoid error if nginx is being monitored
            # with an external software (like sysdig)
            location /nginx_status {

                    allow 127.0.0.1;

                    deny all;

自我介绍一下，小编13年上海交大毕业，曾经在小公司待过，也去过华为、OPPO等大厂，18年进入阿里一直到现在。

深知大多数Linux运维工程师，想要提升技能，往往是自己摸索成长或者是报班学习，但对于培训机构动则几千的学费，着实压力不小。自己不成体系的自学效果低效又漫长，而且极易碰到天花板技术停滞不前！

因此收集整理了一份《2024年Linux运维全套学习资料》，初衷也很简单，就是希望能够帮助到想自学提升又不知道该从何学起的朋友，同时减轻大家的负担。

既有适合小白学习的零基础资料，也有适合3年以上经验的小伙伴深入学习提升的进阶课程，基本涵盖了95%以上Linux运维知识点，真正体系化！

由于文件比较大，这里只是将部分目录大纲截图出来，每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频，并且后续会持续更新

如果你觉得这些内容对你有帮助，可以添加VX：vip1024b （备注Linux运维获取）

最全的Linux教程，Linux从入门到精通

======================

1. linux从入门到精通(第2版)

2. Linux系统移植

3. Linux驱动开发入门与实战

4. LINUX 系统移植 第2版

5. Linux开源网络全栈详解 从DPDK到OpenFlow

第一份《Linux从入门到精通》466页

====================

内容简介

====

本书是获得了很多读者好评的Linux经典畅销书**《Linux从入门到精通》的第2版**。本书第1版出版后曾经多次印刷，并被51CTO读书频道评为“最受读者喜爱的原创IT技术图书奖”。本书第﹖版以最新的Ubuntu 12.04为版本，循序渐进地向读者介绍了Linux 的基础应用、系统管理、网络应用、娱乐和办公、程序开发、服务器配置、系统安全等。本书附带1张光盘，内容为本书配套多媒体教学视频。另外,本书还为读者提供了大量的Linux学习资料和Ubuntu安装镜像文件，供读者免费下载。

本书适合广大Linux初中级用户、开源软件爱好者和大专院校的学生阅读，同时也非常适合准备从事Linux平台开发的各类人员。

需要《Linux入门到精通》、《linux系统移植》、《Linux驱动开发入门实战》、《Linux开源网络全栈》电子书籍及教程的工程师朋友们劳烦您转发+评论

一个人可以走的很快，但一群人才能走的更远。不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人，都欢迎扫码加入我们的的圈子（技术交流、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！

nimg.cn/img_convert/9d4aefb6a92edea27b825e59aa1f2c54.png)

本书适合广大Linux初中级用户、开源软件爱好者和大专院校的学生阅读，同时也非常适合准备从事Linux平台开发的各类人员。

需要《Linux入门到精通》、《linux系统移植》、《Linux驱动开发入门实战》、《Linux开源网络全栈》电子书籍及教程的工程师朋友们劳烦您转发+评论

一个人可以走的很快，但一群人才能走的更远。不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人，都欢迎扫码加入我们的的圈子（技术交流、学习资源、职场吐槽、大厂内推、面试辅导），让我们一起学习成长！
[外链图片转存中…(img-eu8Jg2F5-1712496869993)]